ClearOS provides both POP and IMAP servers (cyrus-imapd) for providing mail delivery to desktop clients.
If you did not select this module to be included during the installation process, you must first install the module.
You can find this feature in the menu system at the following location:
<navigation>Server|Messaging|IMAP and POP Server</navigation>
The base mail domain is used by a number of apps: SMTP Server, IMAP, Mail Filter, etc. Each app saves this information in its own configuration file, but we really only want to see the domain in one place in the user interface. That's where the Mail Settings app comes in.
The mail server supports four different protocols:
We strongly suggest using the secure protocols if possible. The IMAP and POP server will use its own self-signed certificate out of the box. We recommend that you obtain a commercial certificate in conjunction with the Certificate Manager or a free Let's Encrypt Certificate to secure the protocol. Instructions on using the Let's Encrypt certificate are in this HowTo.
<note tip>Outlook will give a certificate warning every time it starts if the IMAP and POP server uses its own self-signed certificate fot IMAPS or POPS. This warning will disappear if Let's Encrypt or commercial certificates are used.</note>
Some mail clients support the push e-mail feature (also known as the IMAP Idle feature). With this feature enabled on both the server and client, e-mail will appear in your mailbox as soon as it arrives. This feature is most useful on wireless and handheld devices. The following mail clients are known to support push e-mail (IMAP Idle):
If you are using Mozilla's Thunderbird, click on <navigation>Tools|Account Settings</navigation>, then select “Server Settings” from the navigation bar. Ensure the Use secure connection (SSL) checkbox is enabled.
For Outlook and Outlook Express, click on <navigation>Tools|Accounts</navigation>, select the account you wish to configure and click on the <button>Properties</button> button.
Next, click on the “Advanced” tab, and ensure the “This server requires a secure connection (SSL)” checkbox is enabled.
For other mail clients, similar set-up/configuration will exist. Please refer to documentation for your mail client for specific instructions.
<note tip>Clients such as Outlook and Thunderbird will first guess you username to be your full e-mail address in their wizards. You will need to change this to remove the domain part from the e-mail address.</note>
<note tip>If you forget the above tip, and you are using the Attack Detector app, you may find that you cause enough password failures to trigger a ban. Please consult the Attack Detector App documentation to unban the device IP. You may also want to consider whitelisting your LAN.</note>
If you open any incoming POP or IMAP port to the internet, then you are more exposed to user/password hacking so strong passwords are highly recommended. By way of mitigation, it is recommended to install the Attack Detector app and enable it for cyrus-imap. The IPS Updates enabled for IMAP and/or POP are also recommended. <note tip>To reduce your exposure to the internet it is recommended that you keep to the Secure protocols and, preferably, only one of them.</note>
<note warning> Do not forget to open up firewall ports for e-mail. You only need to open the POP or IMAP ports if you plan on picking up your mail from outside your local network. The default ports are listed below:
Only open the ones you require. </note>